At home, I am connected with an IPv6 address and additionally, my provider provides a NAT-like setup through which I receive a public IPv4 address that I share with other customers (the reason being obviously that we are running low on IPv4 addresses).
As a result, I cannot reach my devices at home (e.g. my VPN gateway) when I am on an IPv4 network. However, I do have a server that has both an IPv4 and an IPv6 address. Thus, it should be possible to reach my home devices if I go through my server.
Here is what I have in mind so far: Since on IPv6, each device gets their own IP, my server at home gets a static IPv6 IP. My remote server already has both static IPv4 and IPv6.
When I now want to reach my OpenVPN server at home, previously I would open port 1194 in my router and NAT would pass connections along to the server there. In my new scenario, I want to connect on port 1194 (or a different, doesn't matter) on my remote server and it should take that connection and tunnel it to my home server (seeing as they both have IPv6).
Graphically, this would mean:
Mobile Device (IPv4) --> Remote Server (IPv4+IPv6) --> Home Server (IPv6)
But this should only happen on select ports (or is there even a more clever way than to select by port?).
My question is, how do I achieve this setup?
At which level should this operate? If I want to do it by port, I obviously have to forward the packet at the TCP/UDP layer. My first idea would be iptables, but can iptables forward a packet to a remote IP? Or is there other software that can? Or should I create a tunnel between the two servers and then forward this locally? How would I go about that?
